how do you validate server cert & each of the certificate in the chain up to the ROOT in perl - 4 levels deep.
I want to be able to check if they are valid & the signing is done right, also want to check if any of them are revoked in perl.
check: server cert-> chain1->chain2->root. I am not sure how to accomplish this step by step & error out accordingly.
Any references to a working example? This is what I have:
my $certclient = IO::Socket::SSL->new(
PeerHost => "$host:$port",
SSL_ca_file => Mozilla::CA::SSL_ca_file(),
SSL_verify_mode => 0,
SSL_version => 'TLSv1',
SSL_cipher_list => 'RC4-SHA',
Proto => 'tcp',
Timeout => '5',
);
$certclient->verify_hostname($host, "http");
my $cn = $certclient->peer_certificate("cn");
$certclient->verify_hostname($host, "http");
thanks! http://search.cpan.org/~sullr/IO-Socket-SSL-2.003/lib/IO/Socket/SSL.pod
IO::Socket::SSL
will do all the verification for you if you don't disable it by settingSSL_verify_mode
to 0. It will also check if the certificate is revoked if you provide the necessary CRL (SSL_crl_file
) or use OCSP by settingSSL_ocsp_mode
and call$ssl->ocsp_resolver->resolve_blocking()
.It does not provide an interface to do this steps by hand and neither does the underlying
Net::SSLeay
module. The OpenSSL functions necessary to do the verification are not exposed to Perl.